package com.workday.certificatepinning;

import android.content.Context;
import android.net.Uri;
import android.util.Log;
import com.workday.logging.component.WorkdayLogger;
import com.workday.settings.AuthenticationSettingsManager;
import java.io.IOException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import kotlin.jvm.internal.Intrinsics;
import kotlin.text.StringsKt__StringsJVMKt;

/* compiled from: CertificatePinManager.kt */
/* loaded from: classes2.dex */
public final class CertificatePinManager {
    public final CertPinningAllowlist certPinningAllowlist;
    public final AuthenticationSettingsManager certPinningSetting;
    public final HashMap<String, Set<X509Certificate>> certificates;
    public final Context context;
    public final WorkdayLogger workdayLogger;

    public CertificatePinManager(Context context, AuthenticationSettingsManager certPinningSetting, CertPinningAllowlist certPinningAllowlist, WorkdayLogger workdayLogger) {
        Intrinsics.checkNotNullParameter(context, "context");
        Intrinsics.checkNotNullParameter(certPinningSetting, "certPinningSetting");
        Intrinsics.checkNotNullParameter(workdayLogger, "workdayLogger");
        this.context = context;
        this.certPinningSetting = certPinningSetting;
        this.certPinningAllowlist = certPinningAllowlist;
        this.workdayLogger = workdayLogger;
        this.certificates = new HashMap<>();
        resetCertificates();
    }

    public final synchronized void addPemCertificate(String domain, X509Certificate x509Certificate) {
        Intrinsics.checkNotNullParameter(domain, "domain");
        String lowercaseDomainNameWithoutWildcard = getLowercaseDomainNameWithoutWildcard(domain);
        if (!this.certificates.containsKey(lowercaseDomainNameWithoutWildcard)) {
            this.certificates.put(lowercaseDomainNameWithoutWildcard, new HashSet());
        }
        Set<X509Certificate> set = this.certificates.get(lowercaseDomainNameWithoutWildcard);
        if (set == null) {
            set = new LinkedHashSet<>();
        }
        set.add(x509Certificate);
    }

    public final void addPemCertificateFromFile(Context context, String str, String str2) throws CertificateException {
        try {
            X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(context.getAssets().open(str2));
            Intrinsics.checkNotNullExpressionValue(x509Certificate, "newCertificateInstanceFromAsset(context, filename)");
            addPemCertificate(str, x509Certificate);
        } catch (IOException e) {
            Log.e("CertificateUtils", "Failed to load certificate from assets!");
            throw new RuntimeException(e);
        }
    }

    public final void addPemCertificates(List<TrustedCertificate> list) throws CertificateException {
        X509Certificate newCertificateInstance;
        for (TrustedCertificate trustedCertificate : list) {
            String str = trustedCertificate.domain;
            String str2 = trustedCertificate.certificate;
            try {
                newCertificateInstance = CertificateUtils.newCertificateInstance(str2);
            } catch (CertificateException e) {
                int indexOf = str2.indexOf("-----BEGIN CERTIFICATE-----");
                if (indexOf >= 0) {
                    int i = indexOf + 27;
                    int indexOf2 = str2.indexOf("-----END CERTIFICATE-----", i);
                    str2 = indexOf2 < 0 ? str2.substring(i) : str2.substring(i, indexOf2);
                }
                StringBuilder sb = new StringBuilder("-----BEGIN CERTIFICATE-----");
                sb.append("\n");
                String replace = str2.trim().replace("\r", "").replace("\n", "");
                int length = replace.length() / 64;
                int i2 = replace.length() % 64 > 0 ? 1 : 0;
                StringBuilder sb2 = new StringBuilder(str2.length() + length + i2);
                for (int i3 = 0; i3 < length; i3++) {
                    int i4 = i3 * 64;
                    sb2.append(str2.substring(i4, i4 + 64));
                    sb2.append("\n");
                }
                if (i2 > 0) {
                    sb2.append(str2.substring(length * 64));
                    sb2.append("\n");
                }
                sb.append(sb2.toString());
                sb.append("\n");
                sb.append("-----END CERTIFICATE-----");
                String sb3 = sb.toString();
                if (sb3 == null) {
                    throw e;
                }
                newCertificateInstance = CertificateUtils.newCertificateInstance(sb3);
            }
            if (newCertificateInstance == null) {
                throw new CertificateException("Unable to construct certificate");
                break;
            } else {
                Intrinsics.checkNotNullExpressionValue(newCertificateInstance, "newCertificateInstanceWi…ormatting(it.certificate)");
                addPemCertificate(str, newCertificateInstance);
            }
        }
    }

    public final synchronized Set<X509Certificate> getExpectedCertificates(String str) {
        String keyForMapLookup;
        Uri parse = Uri.parse(str);
        Intrinsics.checkNotNullExpressionValue(parse, "parse(urlSpec)");
        keyForMapLookup = getKeyForMapLookup(parse, this.certificates);
        return keyForMapLookup == null ? null : this.certificates.get(keyForMapLookup);
    }

    public final String getKeyForMapLookup(Uri uri, Map<String, ?> map) {
        CertPinningAllowlist certPinningAllowlist;
        ArrayList arrayList = new ArrayList();
        String host = uri.getHost();
        if (host != null && (certPinningAllowlist = this.certPinningAllowlist) != null && certPinningAllowlist.isAllowlisted(host)) {
            return null;
        }
        Iterator<String> it = map.keySet().iterator();
        while (true) {
            boolean z = true;
            if (!it.hasNext()) {
                break;
            }
            String next = it.next();
            Intrinsics.checkNotNull(host);
            Locale locale = Locale.getDefault();
            Intrinsics.checkNotNullExpressionValue(locale, "getDefault()");
            String lowerCase = host.toLowerCase(locale);
            Intrinsics.checkNotNullExpressionValue(lowerCase, "(this as java.lang.String).toLowerCase(locale)");
            if (!Intrinsics.areEqual(lowerCase, next) && !StringsKt__StringsJVMKt.endsWith$default(lowerCase, Intrinsics.stringPlus(".", next), false, 2)) {
                z = false;
            }
            if (z) {
                arrayList.add(next);
            }
        }
        int size = arrayList.size();
        if (size == 0) {
            return null;
        }
        if (size == 1) {
            return (String) arrayList.get(0);
        }
        Collections.sort(arrayList, CertificatePinManager$$ExternalSyntheticLambda0.INSTANCE);
        return (String) arrayList.get(0);
    }

    public final String getLowercaseDomainNameWithoutWildcard(String str) {
        Locale locale = Locale.getDefault();
        Intrinsics.checkNotNullExpressionValue(locale, "getDefault()");
        String lowerCase = str.toLowerCase(locale);
        Intrinsics.checkNotNullExpressionValue(lowerCase, "(this as java.lang.String).toLowerCase(locale)");
        if (StringsKt__StringsJVMKt.startsWith$default(lowerCase, ".", false, 2)) {
            lowerCase = lowerCase.substring(1);
            Intrinsics.checkNotNullExpressionValue(lowerCase, "(this as java.lang.String).substring(startIndex)");
        }
        if (!StringsKt__StringsJVMKt.startsWith$default(lowerCase, "*.", false, 2)) {
            return lowerCase;
        }
        String substring = lowerCase.substring(2);
        Intrinsics.checkNotNullExpressionValue(substring, "(this as java.lang.String).substring(startIndex)");
        return substring;
    }

    public final boolean isPinnedUri(Uri uri) {
        String uri2 = uri.toString();
        Intrinsics.checkNotNullExpressionValue(uri2, "uri.toString()");
        return getExpectedCertificates(uri2) != null;
    }

    public final void resetCertificates() {
        this.certificates.clear();
        try {
            Iterator<CertInfo> it = CertList.INSTANCE.iterator();
            while (it.hasNext()) {
                CertInfo next = it.next();
                addPemCertificateFromFile(this.context, next.domain, next.certFile);
            }
        } catch (CertificateException e) {
            throw new RuntimeException(e);
        }
    }
}
